Cyber Incident Victim: American Dental Association
Date: Apr 2022
Location: United States of America
Summary
The American Dental Association experienced a ransomware attack attributed to the Black Basta group, leading to widespread network disruptions and forced shutdowns of critical systems including email, telephones, online services, and member portals. The organization engaged third-party cybersecurity experts and law enforcement to investigate the incident, initially stating no evidence of compromised member data. However, the attackers leaked approximately 30% of 2.8 GB of stolen information, which included financial documents, W2 forms, non-disclosure agreements, accounting spreadsheets, and sensitive member details. While response efforts were ongoing, the breach prompted concerns about potential spear-phishing risks targeting affected individuals.
Description
On April 21, 2022, the American Dental Association (ADA) experienced a cyberattack that disrupted critical network operations, forcing the organization to take affected systems offline. The attack impacted multiple services, including the Aptify email application, telephone network, webchat functionality, and regional websites handling account management and dues payments. Online platforms such as the ADA Store, ADA Catalog, MyADA, Meeting Registration, Dues pages, ADA CE Online, ADA Credentialing Service, and ADA Practice Transitions became inaccessible. The ADA website displayed a banner notifying users of technical difficulties while restoration efforts were underway. During the outage, the organization temporarily transitioned to Gmail addresses for external communications. Initial public statements from ADA representatives characterized the incident as technical issues under investigation, but internal communications to members confirmed a cyberattack. The ADA engaged third-party cybersecurity specialists and notified federal law enforcement, initiating a collaborative investigation. Preliminary assessments indicated no compromise of member information or other data at that stage.

The Black Basta ransomware group claimed responsibility for the attack, marking the ADA as its first publicly listed victim on its leak site. Security researchers MalwareHunterTeam and Emsisoft analyst Brett Callow corroborated the group’s involvement, noting Black Basta’s emergence as a new ransomware operation with no clear ties to prior variants. The group leaked approximately 30% of 2.8 GB of data allegedly exfiltrated during the attack, including W2 forms, non-disclosure agreements, accounting spreadsheets, and member-specific information. This data release occurred despite the ADA’s earlier assurances regarding data integrity. The organization issued a formal letter to members on April 25, acknowledging the ongoing investigation and pledging compliance with legal notification requirements if personal information exposure was confirmed. The incident caused sustained operational disruptions across member services and administrative functions, with recovery efforts continuing beyond the initial outage period. The potential exposure of member data raised concerns about subsequent targeted spear-phishing attempts against affected individuals.
